Privacy Policy

1. Introduction

Orbit is a privacy-first personal CRM that helps you nurture real relationships. We are committed to protecting your personal data and being transparent about what we collect and why. Orbit is fully open source, so you can inspect exactly how your data is handled.

2. Data We Collect

We only collect data that is necessary to provide the CRM functionality you signed up for. This includes:

• • Account information — Your name and email address (from your Google account used to sign in).
• • Contacts — Names, phone numbers, email addresses, dates of birth, notes, and photos you add.
• • Conversations — Content, medium, participants, and dates of conversations you log.
• • Events — Titles, descriptions, locations, participants, and dates of events you create.
• • Reminders — Titles, notes, due dates, and associated participants.
• • Relationships — Connections and relationship types between your contacts.
• • Audio recordings — Voice notes you record for speech-to-text transcription. Audio is processed temporarily and not stored permanently.
• • AI assistant chats — Messages you exchange with the built-in AI assistant.

3. How We Use Your Data

Your data is used solely to provide the Orbit CRM experience:

• • Storing and displaying your contacts, conversations, events, and reminders.
• • Powering the AI assistant to help you draft messages, summarize interactions, and surface relationship insights.
• • Transcribing voice recordings into text using speech-to-text services.
• • Sending you reminders and notifications you have configured.

We do not serve ads, sell your data, or use it for any purpose beyond providing the app's functionality.

4. Third-Party Services

Orbit relies on the following third-party services to function. We are transparent about exactly what data each service receives:

5. Consent and Control

You are in control of your data. Orbit includes a consent toggle in Settings that lets you control whether your data is processed by third-party AI services (Google Gemini and Sarvam AI). When consent is disabled, features like the AI assistant and voice transcription will not send your data to these services.

6. Data Storage & Security

We take the security of your data seriously:

• • All data is stored in Supabase PostgreSQL databases with encryption at rest.
• • All communication is encrypted in transit via HTTPS/TLS.
• • Multi-tenant userId isolation ensures every database query is scoped to your account. Your data is completely separated from other users at the application layer.
• • Authentication is handled via Supabase Auth with secure JWT tokens.

7. Your Rights

Under the GDPR and other applicable data protection laws, you have the following rights:

• • Data export — Export all of your data at any time from the Settings screen.
• • Account deletion — Delete your account and all associated data permanently from Settings.
• • Data portability — Your exported data is provided in a standard, machine-readable format.
• • Restrict processing — Use the consent toggle to disable AI processing of your data at any time.

8. Data Retention

Your data is retained for as long as your account is active. When you delete your account, all associated data is permanently removed from our systems. Audio recordings used for speech-to-text are processed temporarily and are not retained after transcription is complete.

9. Children's Privacy

Orbit is not intended for use by children under the age of 13. We do not knowingly collect personal data from children. If you believe a child under 13 has provided us with personal data, please contact us and we will promptly delete it.

10. Changes to This Policy

We may update this privacy policy from time to time. When we make significant changes, we will notify users through the app or via email. The "Last updated" date at the top of this page reflects the most recent revision.

11. Contact

If you have any questions about this privacy policy or how we handle your data, please contact us at privacy@myorbit360.com.